{"id":"CVE-2025-11713","details":"Insufficient escaping in the “Copy as cURL” feature could have been used to trick a user into executing unexpected code on Windows. This did not affect the application when running on other operating systems. This vulnerability affects Firefox \u003c 144, Firefox ESR \u003c 140.4, Thunderbird \u003c 144, and Thunderbird \u003c 140.4.","modified":"2026-05-04T08:46:55.574513Z","published":"2025-10-14T13:15:37.567Z","withdrawn":"2026-05-04T08:46:55.574513Z","related":["SUSE-SU-2025:21021-1","SUSE-SU-2025:3775-1","SUSE-SU-2025:3808-1","SUSE-SU-2025:4006-1","SUSE-SU-2025:4173-1","SUSE-SU-2025:4174-1","openSUSE-SU-2025:15632-1","openSUSE-SU-2025:15645-1","openSUSE-SU-2025:15646-1","openSUSE-SU-2025:20026-1","openSUSE-SU-2025:20065-1"],"references":[{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-81/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-83/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-84/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2025-85/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1986142"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11713.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"140.4.0"}]},{"events":[{"introduced":"0"},{"fixed":"144.0"}]},{"events":[{"introduced":"0"},{"fixed":"140.4.0"}]},{"events":[{"introduced":"141.0"},{"fixed":"144.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}